Are you trying to join an existing Windows domain? Or create a new domain? - Avron
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Henrik Dige Semark Sent: Thursday, January 08, 2009 10:16 AM To: Samba list Subject: RE: [Samba] Samba + Windows 2003 AD How can I ping UNDERVISNING.LOCAL when its just the domain ? the windows server that runs the domain is bgdc.birke-gym.dk and I can ping that just fine My resolv.conf --------------- search birke-gym.dk nameserver 127.0.0.1 My nsswitch.conf --------------- passwd: files winbind compat group: files winbind compat shadow: files winbind compat hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files protocols: files winbind db files services: files winbind db files ethers: db files rpc: db files netgroup: files winbind nis automount: files winbind is I'm missing something ? ---- Med Venlig Hilsen / Best regards Henrik Dige Semark Subject: RE: [Samba] Samba + Windows 2003 AD Date: Thu, 8 Jan 2009 09:54:22 -0700 From: [email protected] To: [email protected] Can you : ping -I 1 UNDERVISNING.LOCAL No? Check resolv.conf or nsswitch.conf (I have a SUN Solaris background - not much Debian) For more help, please include [email protected] in to: or cc: Good luck (held og lykke)! (Sorry, I don't speak Danish... ) - Avron From: Henrik Dige Semark [mailto:[email protected]] Sent: Thursday, January 08, 2009 9:48 AM To: Avron Gray Subject: RE: [Samba] Samba + Windows 2003 AD Hey thanx for the quick answer :) When I try the net ads testjoin its not very informative :P # net ads testjoin [email protected]'s password: [2009/01/08 17:39:52, 0] utils/net_ads.c:ads_startup(289) ads_connect: Operations error Join to domain is not valid I have also tried wbinfo --all-domains but it can't see the domain I try to connect to, will this say that my smb.conf I rung in some point ? I have an older SMB witch is running a Domain it self, and it can see the domain when I run this command ---- Med Venlig Hilsen / Best regards Henrik Dige Semark > Subject: RE: [Samba] Samba + Windows 2003 AD > Date: Thu, 8 Jan 2009 09:25:47 -0700 > From: [email protected] > To: [email protected]; [email protected] > > Have you run: > net ads testjoin > > Does it say "Join is OK"? > > > This might not be related... > > I had to compile samba 3.0.33 to get around a Windows Domain restriction > issue: > https://bugzilla.samba.org/show_bug.cgi?id=4771 The bug indicates that > if the \NETLOGON pipe is opened up on the Windows AD server, the join > works fine. As soon as it is restricted via domain policies, it > restricts anonymous access to the ports. As soon as this happens, we are > unable to complete a net join ads successfully. > > - Avron > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Henrik > Dige Semark > Sent: Thursday, January 08, 2009 9:13 AM > To: Samba list > Subject: [Samba] Samba + Windows 2003 AD > > > Hey, I don't know if this is the right list to ask this question in, but > I have tried on the IRC (irc.freenode.net #samba) and people on there > advised me to try here instead. > > > I have: > Debian 4.0r4 > Samba version 3.0.24 - mail.birke-gym.dk - 10.3.16.1 > krb5 Version 1.4.4-7etch6 > Kernel Version 2.6.18-6-amd64 > > A Windows Server 2003 SP2 with AD/DC - bgdc.birke-gym.dk - 10.3.17.1 > > ------------------------------------------------------------------------ > -------------- > > When I try to connect my samba to the DC I get this output: > > # net ads join -U Administrator --debuglevel=10 > [2009/01/08 17:10:15, 5] lib/debug.c:debug_dump_status(391) > INFO: Current debug levels: > all: True/10 > tdb: False/0 > printdrivers: False/0 > lanman: False/0 > smb: False/0 > rpc_parse: False/0 > rpc_srv: False/0 > rpc_cli: False/0 > passdb: False/0 > sam: False/0 > auth: False/0 > winbind: False/0 > vfs: False/0 > idmap: False/0 > quota: False/0 > acls: False/0 > locking: False/0 > msdfs: False/0 > dmapi: False/0 > [2009/01/08 17:10:15, 3] param/loadparm.c:lp_load(4953) > lp_load: refreshing parameters > [2009/01/08 17:10:15, 3] param/loadparm.c:init_globals(1418) > Initialising global parameters > [2009/01/08 17:10:15, 3] param/params.c:pm_process(572) > params.c:pm_process() - Processing configuration file > "/etc/samba/smb.conf" > [2009/01/08 17:10:15, 3] param/loadparm.c:do_section(3695) > Processing section "[global]" > doing parameter server string = Debian 4.0 - Samba %v - BDC > doing parameter netbios name = mail > [2009/01/08 17:10:15, 4] param/loadparm.c:handle_netbios_name(3053) > handle_netbios_name: set global_myname to: MAIL > doing parameter workgroup = UNDERVISNING > doing parameter display charset = ASCII > [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UCS-2LE > [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UCS-2LE > [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UTF-16LE > [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UTF-16LE > [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UCS-2BE > [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UCS-2BE > [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UTF-16BE > [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UTF-16BE > [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UTF8 > [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UTF8 > [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UTF-8 > [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UTF-8 > [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset ASCII > [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) > Registered charset ASCII > [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset 646 > [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) > Registered charset 646 > [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset ISO-8859-1 > [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) > Registered charset ISO-8859-1 > [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105) > Attempting to register new charset UCS2-HEX > [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113) > Registered charset UCS2-HEX > doing parameter unix charset = UTF-8 > doing parameter dos charset = ASCII > doing parameter Inherit permissions = yes > doing parameter Inherit owner = yes > doing parameter security = ADS > doing parameter idmap uid = 500-10000000 > doing parameter idmap gid = 500-10000000 > doing parameter template shell = /bin/bash > doing parameter winbind use default domain = yes > doing parameter winbind separator = % > doing parameter winbind enum users = yes > doing parameter winbind enum groups = yes > doing parameter template homedir = /home/%D/%U > doing parameter client use spnego = yes > doing parameter password server = bgdc.birke-gym.dk > doing parameter encrypt passwords = Yes > doing parameter realm = UNDERVISNING.LOCAL > doing parameter wins server = bgdc.birke-gym.dk > doing parameter nt acl support = true > doing parameter os level = 1000 > doing parameter preferred master = no > doing parameter domain master = no > doing parameter local master = no > doing parameter domain logons = no > doing parameter hide special files = Yes > doing parameter hide unreadable = Yes > doing parameter disable netbios = yes > doing parameter name resolve order = wins lmhosts hosts bcast > doing parameter log level = 10 > doing parameter log file = /var/log/samba/UNDERVISNING > [2009/01/08 17:10:15, 4] param/loadparm.c:lp_load(4984) > pm_process() returned Yes > [2009/01/08 17:10:15, 7] param/loadparm.c:lp_servicenumber(5120) > lp_servicenumber: couldn't find homes > [2009/01/08 17:10:15, 10] param/loadparm.c:set_server_role(4229) > set_server_role: role = ROLE_DOMAIN_MEMBER > [2009/01/08 17:10:15, 5] lib/util.c:init_names(286) > Netbios name list:- > my_netbios_names[0]="MAIL" > [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81) > added interface ip=194.182.87.97 bcast=194.182.87.127 > nmask=255.255.255.128 > [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81) > added interface ip=194.182.87.2 bcast=194.182.87.127 > nmask=255.255.255.128 > [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81) > added interface ip=194.182.87.98 bcast=194.182.87.127 > nmask=255.255.255.128 > [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81) > added interface ip=194.182.87.121 bcast=194.182.87.127 > nmask=255.255.255.128 > [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81) > added interface ip=10.3.255.1 bcast=10.3.255.255 nmask=255.255.255.0 > [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81) > added interface ip=10.3.16.1 bcast=10.3.31.255 nmask=255.255.240.0 > [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81) > added interface ip=10.3.2.250 bcast=10.3.3.255 nmask=255.255.254.0 > [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81) > added interface ip=10.3.2.1 bcast=10.3.3.255 nmask=255.255.254.0 > [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81) > added interface ip=10.8.0.1 bcast=10.8.0.255 nmask=255.255.255.0 > Administrator's password: > [2009/01/08 17:10:19, 6] libads/ldap.c:ads_find_dc(224) > ads_find_dc: looking for realm 'UNDERVISNING.LOCAL' > [2009/01/08 17:10:19, 8] libsmb/namequery.c:get_sorted_dc_list(1551) > get_sorted_dc_list: attempting lookup using [ads] > [2009/01/08 17:10:19, 5] lib/gencache.c:gencache_init(61) > Opening cache file at /var/run/samba/gencache.tdb > [2009/01/08 17:10:19, 10] lib/gencache.c:gencache_get(329) > Cache entry with key = SAF/DOMAIN/UNDERVISNING.LOCAL couldn't be found > [2009/01/08 17:10:19, 5] libsmb/namequery.c:saf_fetch(105) > saf_fetch: failed to find server for "UNDERVISNING.LOCAL" domain > [2009/01/08 17:10:19, 3] libsmb/namequery.c:get_dc_list(1426) > get_dc_list: preferred server list: ", bgdc.birke-gym.dk" > [2009/01/08 17:10:19, 10] libsmb/namequery.c:internal_resolve_name(1132) > internal_resolve_name: looking up bgdc.birke-gym.dk#20 > [2009/01/08 17:10:19, 10] lib/gencache.c:gencache_get(304) > Returning valid cache entry: key = NBT/BGDC.BIRKE-GYM.DK#20, value = > 10.3.17.1:0, timeout = Thu Jan 8 17:20:53 2009 > [2009/01/08 17:10:19, 5] libsmb/namecache.c:namecache_fetch(201) > name bgdc.birke-gym.dk#20 found. > [2009/01/08 17:10:19, 10] > libsmb/namequery.c:remove_duplicate_addrs2(408) > remove_duplicate_addrs2: looking for duplicate address/port pairs > [2009/01/08 17:10:19, 4] libsmb/namequery.c:get_dc_list(1529) > get_dc_list: returning 1 ip addresses in an ordered list > [2009/01/08 17:10:19, 4] libsmb/namequery.c:get_dc_list(1530) > get_dc_list: 10.3.17.1:389 > [2009/01/08 17:10:19, 5] libads/ldap.c:ads_try_connect(127) > ads_try_connect: sending CLDAP request to 10.3.17.1 (realm: > UNDERVISNING.LOCAL) > [2009/01/08 17:10:19, 10] libsmb/namequery.c:saf_store(71) > saf_store: domain = [UNDERVISNING], server = [10.3.17.1], expire = > [1231431919] > [2009/01/08 17:10:19, 10] lib/gencache.c:gencache_set(140) > Adding cache entry with key = SAF/DOMAIN/UNDERVISNING; value = > 10.3.17.1 and timeout = Thu Jan 8 17:25:19 2009 > (900 seconds ahead) > [2009/01/08 17:10:19, 3] libads/ldap.c:ads_connect(287) > Connected to LDAP server 10.3.17.1 > > ==== STOPS HERE FOR ABOUT 30 SEC ==== > > [2009/01/08 17:10:24, 0] utils/net_ads.c:ads_startup(289) > ads_connect: Operations error > [2009/01/08 17:10:24, 2] utils/net.c:main(988) > return code = -1 > > ------------------------------------------------------------------------ > -------------- > > Windows Server Event log: > ======= > Windows Server Event - [22:56:34] > > Successful Network Logon: > User Name: BGDC$ > Domain: UNDERVISNING > Logon ID: (0x0,0x1C82893) > Logon Type: 3 > Logon Process: Kerberos > Authentication Package: Kerberos > Workstation Name: > Logon GUID: {791dbfae-1330-1cc3-24ee-538ed69bc9d8} > Caller User Name: - > Caller Domain: - > Caller Logon ID: - > Caller Process ID: - > Transited Services: - > Source Network Address: 10.3.17.1 > Source Port: 4831 > > For more information, see Help and Support Center at > http://go.microsoft.com/fwlink/events.asp. > > > ====================================== > Windows Server Event - [22:56:34] > Special privileges assigned to new logon: > User Name: BGDC$ > Domain: UNDERVISNING > Logon ID: (0x0,0x1C82893) > Privileges: SeSecurityPrivilege > SeBackupPrivilege > SeRestorePrivilege > SeTakeOwnershipPrivilege > SeDebugPrivilege > SeSystemEnvironmentPrivilege > SeLoadDriverPrivilege > SeImpersonatePrivilege > SeEnableDelegationPrivilege > > For more information, see Help and Support Center at > http://go.microsoft.com/fwlink/events.asp. > > > ====================================== > > > > Windows Server Event - [23:01:34] > > User Logoff: > User Name: BGDC$ > Domain: UNDERVISNING > Logon ID: (0x0,0x1C82893) > Logon Type: 3 > > For more information, see Help and Support Center at > http://go.microsoft.com/fwlink/events.asp. > > > ------------------------------------------------------------------------ > -------------- > > My klist: > ======= > # klist > Ticket cache: FILE:/tmp/krb5cc_0 > Default principal: [email protected] > > Valid starting Expires Service principal > 01/04/09 16:36:47 01/04/09 23:16:47 > krbtgt/[email protected] > > > Kerberos 4 ticket cache: /tmp/tkt0 > klist: You have no tickets cached > > ------------------------------------------------------------------------ > -------------- > > smb.conf > ======= > cat /etc/samba/smb.conf | grep -v "#" > [global] > dos charset = ASCII > display charset = ASCII > workgroup = UNDERVISNING > realm = UNDERVISNING.LOCAL > server string = Debian 4.0 - Samba %v - BDC > security = ADS > password server = bgdc.birke-gym.dk > log level = 10 > log file = /var/log/samba/UNDERVISNING > disable netbios = Yes > name resolve order = wins lmhosts hosts bcast > os level = 1000 > preferred master = No > local master = No > domain master = No > wins server = bgdc.birke-gym.dk > idmap uid = 500-10000000 > idmap gid = 500-10000000 > template shell = /bin/bash > winbind separator = % > winbind enum users = Yes > winbind enum groups = Yes > winbind use default domain = Yes > inherit permissions = Yes > inherit owner = Yes > hide special files = Yes > hide unreadable = Yes > > [homes] > comment = Home Directories > valid users = %U > read only = No > browseable = No > > ------------------------------------------------------------------------ > -------------- > > # testparm > Load smb config files from /etc/samba/smb.conf > Processing section "[homes]" > Loaded services file OK. > Server role: ROLE_DOMAIN_MEMBER > Press enter to see a dump of your service definitions > ^C > > ------------------------------------------------------------------------ > -------------- > > krb5.conf > ====== > > [logging] > default = FILE:/var/log/krb5libs.log > #kdc = FILE:/var/log/krb5kdc.log > #admin_server = FILE:/var/log/kadmind.log > > [libdefaults] > ticket_lifetime = 24000 > default_realm = UNDERVISNING.LOCAL > > default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc > default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc > > [realms] > #================ Birke-gym.dk ========================= > UNDERVISNING.LOCAL = { > kdc = bgdc.birke-gym.dk > admin_server = bgdc.birke-gym.dk > default_domain = UNDERVISNING.LOCAL > } > > [domain_realm] > .undervisning.local = UNDERVISNING.LOCAL > undervisning.local = UNDERVISNING.LOCAL > > [login] > krb4_convert = true > krb4_get_tickets = false > > ------------------------------------------------------------------------ > -------------- > > # cat /etc/hosts > 127.0.0.1 localhost mail > 127.0.1.1 mail.birke-gym.dk mail > > 10.3.17.1 bgdc.birke-gym.dk bgdc > > ------------------------------------------------------------------------ > -------------- > > Any suggestion ? > > And how mutch do I have to setup on the Windows Server ? I have createt > a krb. trust on it and I use the pass I gave there, but is there more I > have to set ? > > Sorry for my bad english, and if there is anything plz feel free to > write, all help is resived with love > > ---- > Med Venlig Hilsen / Best regards > Henrik Dige Semark > _________________________________________________________________ > Del dine billeder med alle vennerne med Windows Live Photo Gallery. > http://download.live.com/photogallery-- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba Vind en Samsung fladskrm og f Hotmail p mobilen Ls mere her. _________________________________________________________________ Få Windows Live Hotmail to go med Samsung i200! www.microsoft.dk/hotmail-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
